VA-26-191-01
Vulnerability from csaf_cisa - Published: 2026-07-10 16:36 - Updated: 2026-07-10 16:36Summary
Deloitte AI Assist for Customer multiple vulnerabilities
Notes
Legal Notice: All information products included in [https://github.com/cisagov/CSAF/tree/develop/csaf_files/IT/white](https://github.com/cisagov/CSAF/tree/develop/csaf_files/IT/white) are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see [https://us-cert.cisa.gov/tlp/](https://us-cert.cisa.gov/tlp/).
Countries and Areas Deployed: Worldwide
Critical Infrastructure Sectors: Information Technology
Risk Evaluation: Deloitte AI Assist for Customer contained multiple vulnerabilities. In the worst case, a remote, unauthenticated attacker could read or write data to the RAG corpus or make limited modifications to configurations.
Recommended Practices: Use only the most recent available version of AI Assist for Customer.
Company Headquarters Location: United States
Supplier Statement: The following statement was provided by Deloitte:
The application at issue is Deloitte’s AI Assist for Customer, a generative-AI tool suite that
Deloitte hosts and manages. AI Assist for Customer is a separate solution from AI Assist and is
not part of, and has no technical integration with, Deloitte’s Ascend Platform; the reported
conditions do not implicate either.
Deloitte investigated the reported conditions promptly, restricted network access to the affected
endpoints, enforced authentication, and redeployed the affected components on private network
infrastructure. The originally exposed endpoints are no longer publicly accessible. Deloitte has
found no evidence that the reported conditions were exploited by any unauthorized party, or that
any confidential client data was accessed, read, or exfiltrated. Deloitte hosts and manages all
instances of AI Assist for Customer; the remediation has been applied to all instances, and no
action is required by any client or other party.
5.3 (Medium)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Deloitte AI Assist for Customer <2026-03-25
Deloitte / AI Assist for Customer
|
<2026-03-25 |
Vendor Fix
|
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Deloitte AI Assist for Customer 2026-03-25
Deloitte / AI Assist for Customer
|
2026-03-25 |
Vendor Fix
|
5.3 (Medium)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Deloitte AI Assist for Customer <2026-03-25
Deloitte / AI Assist for Customer
|
<2026-03-25 |
Vendor Fix
|
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Deloitte AI Assist for Customer 2026-03-25
Deloitte / AI Assist for Customer
|
2026-03-25 |
Vendor Fix
|
4.8 (Medium)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Deloitte AI Assist for Customer <2026-03-25
Deloitte / AI Assist for Customer
|
<2026-03-25 |
Vendor Fix
|
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Deloitte AI Assist for Customer 2026-03-25
Deloitte / AI Assist for Customer
|
2026-03-25 |
Vendor Fix
|
References
5 references
Acknowledgments
Zero Tolerance
Karim El Labban
{
"document": {
"category": "csaf_vex",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE"
}
},
"lang": "en-US",
"notes": [
{
"category": "legal_disclaimer",
"text": "All information products included in [https://github.com/cisagov/CSAF/tree/develop/csaf_files/IT/white](https://github.com/cisagov/CSAF/tree/develop/csaf_files/IT/white) are provided \\\"as is\\\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see [https://us-cert.cisa.gov/tlp/](https://us-cert.cisa.gov/tlp/).",
"title": "Legal Notice"
},
{
"category": "other",
"text": "Worldwide",
"title": "Countries and Areas Deployed"
},
{
"category": "other",
"text": "Information Technology",
"title": "Critical Infrastructure Sectors"
},
{
"category": "summary",
"text": "Deloitte AI Assist for Customer contained multiple vulnerabilities. In the worst case, a remote, unauthenticated attacker could read or write data to the RAG corpus or make limited modifications to configurations.",
"title": "Risk Evaluation"
},
{
"category": "general",
"text": "Use only the most recent available version of AI Assist for Customer.",
"title": "Recommended Practices"
},
{
"category": "other",
"text": "United States",
"title": "Company Headquarters Location"
},
{
"category": "general",
"text": "The following statement was provided by Deloitte:\n\nThe application at issue is Deloitte\u2019s AI Assist for Customer, a generative-AI tool suite that\nDeloitte hosts and manages. AI Assist for Customer is a separate solution from AI Assist and is\nnot part of, and has no technical integration with, Deloitte\u2019s Ascend Platform; the reported\nconditions do not implicate either.\n\nDeloitte investigated the reported conditions promptly, restricted network access to the affected\nendpoints, enforced authentication, and redeployed the affected components on private network\ninfrastructure. The originally exposed endpoints are no longer publicly accessible. Deloitte has\nfound no evidence that the reported conditions were exploited by any unauthorized party, or that\nany confidential client data was accessed, read, or exfiltrated. Deloitte hosts and manages all\ninstances of AI Assist for Customer; the remediation has been applied to all instances, and no\naction is required by any client or other party.",
"title": "Supplier Statement"
}
],
"publisher": {
"category": "coordinator",
"contact_details": "https://www.cisa.gov/report",
"issuing_authority": "CISA",
"name": "CISA",
"namespace": "https://www.cisa.gov/"
},
"references": [
{
"category": "self",
"summary": "Vulnerability Advisory VA-26-191-01 CSAF",
"url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2026/va-26-191-01.json"
}
],
"title": "Deloitte AI Assist for Customer multiple vulnerabilities",
"tracking": {
"current_release_date": "2026-07-10T16:36:19Z",
"generator": {
"engine": {
"name": "VINCE-NT",
"version": "1.15.0+build.101"
}
},
"id": "VA-26-191-01",
"initial_release_date": "2026-07-10T16:36:19Z",
"revision_history": [
{
"date": "2026-07-10T16:36:19Z",
"number": "1.0.0",
"summary": "Initial publication"
}
],
"status": "final",
"version": "1.0.0"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c2026-03-25",
"product": {
"name": "Deloitte AI Assist for Customer \u003c2026-03-25",
"product_id": "CSAFPID-0001"
}
},
{
"category": "product_version",
"name": "2026-03-25",
"product": {
"name": "Deloitte AI Assist for Customer 2026-03-25",
"product_id": "CSAFPID-0002"
}
}
],
"category": "product_name",
"name": "AI Assist for Customer"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c2026-03-25",
"product": {
"name": "Deloitte AI Assist for Customer \u003c2026-03-25",
"product_id": "CSAFPID-0003"
}
},
{
"category": "product_version",
"name": "2026-03-25",
"product": {
"name": "Deloitte AI Assist for Customer 2026-03-25",
"product_id": "CSAFPID-0004"
}
}
],
"category": "product_name",
"name": "AI Assist for Customer"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c2026-03-25",
"product": {
"name": "Deloitte AI Assist for Customer \u003c2026-03-25",
"product_id": "CSAFPID-0005"
}
},
{
"category": "product_version",
"name": "2026-03-25",
"product": {
"name": "Deloitte AI Assist for Customer 2026-03-25",
"product_id": "CSAFPID-0006"
}
}
],
"category": "product_name",
"name": "AI Assist for Customer"
}
],
"category": "vendor",
"name": "Deloitte"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Karim El Labban"
],
"organization": "Zero Tolerance"
}
],
"cve": "CVE-2026-57474",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"notes": [
{
"category": "summary",
"text": "Deloitte AI Assist for Customer disclosed some configuration information through public-facing API endpoints that accepted unauthenticated requests. This information could reduce an attacker\u2019s reconnaissance effort. On 2026-03-25, AI Assist for Customer restricted network access and enforced authentication for the previously exposed endpoints.",
"title": "Description"
},
{
"category": "details",
"text": "SSVCv2/E:N/A:Y/T:P/2026-06-23T18:28:53Z/",
"title": "SSVC"
}
],
"product_status": {
"fixed": [
"CSAFPID-0002"
],
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "zerotolerance.me",
"url": "https://zerotolerance.me/advisories/deloitte-aiassist-ascend-2026-vu487875/"
},
{
"category": "external",
"summary": "zerotolerance.me",
"url": "https://zerotolerance.me/advisories/assets/VU487875-deloitte-ascend-advisory.pdf"
},
{
"category": "external",
"summary": "raw.githubusercontent.com",
"url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2026/va-26-191-01.json"
},
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-57474"
}
],
"release_date": "2026-05-18T00:00:00Z",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-25T00:00:00Z",
"details": "Fixed on 2026-03-25.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "vendor_fix",
"date": "2026-03-25T00:00:00Z",
"details": "Fixed on 2026-03-25.",
"product_ids": [
"CSAFPID-0002"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "Deloitte AI Assist for Customer information disclosure"
},
{
"acknowledgments": [
{
"names": [
"Karim El Labban"
],
"organization": "Zero Tolerance"
}
],
"cve": "CVE-2026-57475",
"cwe": {
"id": "CWE-306",
"name": "Missing Authentication for Critical Function"
},
"notes": [
{
"category": "summary",
"text": "Deloitte AI Assist for Customer accepted unauthenticated POST requests through public-facing API endpoints that allowed a remote attacker to make limited additions to the configuration. These additions were not used by the system. On 2026-03-25, AI Assist for Customer restricted network access and enforced authentication for the previously exposed endpoints.",
"title": "Description"
},
{
"category": "details",
"text": "SSVCv2/E:N/A:N/T:P/2026-06-23T18:30:43Z/",
"title": "SSVC"
}
],
"product_status": {
"fixed": [
"CSAFPID-0002"
],
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "zerotolerance.me",
"url": "https://zerotolerance.me/advisories/deloitte-aiassist-ascend-2026-vu487875/"
},
{
"category": "external",
"summary": "zerotolerance.me",
"url": "https://zerotolerance.me/advisories/assets/VU487875-deloitte-ascend-advisory.pdf"
},
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-57474"
},
{
"category": "external",
"summary": "raw.githubusercontent.com",
"url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2026/va-26-191-01.json"
}
],
"release_date": "2026-05-18T00:00:00Z",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-25T00:00:00Z",
"details": "Fixed on 2026-03-25.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "vendor_fix",
"date": "2026-03-25T00:00:00Z",
"details": "Fixed on 2026-03-25.",
"product_ids": [
"CSAFPID-0002"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "Deloitte AI Assist for Customer unauthenticated configuration write"
},
{
"acknowledgments": [
{
"names": [
"Karim El Labban"
],
"organization": "Zero Tolerance"
}
],
"cve": "CVE-2026-57476",
"cwe": {
"id": "CWE-306",
"name": "Missing Authentication for Critical Function"
},
"notes": [
{
"category": "summary",
"text": "Deloitte AI Assist for Customer exposed unauthenticated API endpoints that allowed an attacker with knowledge of additional parameters to read from or inject content into the retrieval-augmented generation (RAG) corpus. On 2026-03-25, AI Assist for Customer restricted network access and enforced authentication for the previously exposed endpoints.",
"title": "Description"
},
{
"category": "details",
"text": "SSVCv2/E:N/A:N/T:P/2026-06-23T18:31:21Z/",
"title": "SSVC"
}
],
"product_status": {
"fixed": [
"CSAFPID-0002"
],
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "zerotolerance.me",
"url": "https://zerotolerance.me/advisories/deloitte-aiassist-ascend-2026-vu487875/"
},
{
"category": "external",
"summary": "zerotolerance.me",
"url": "https://zerotolerance.me/advisories/assets/VU487875-deloitte-ascend-advisory.pdf"
},
{
"category": "external",
"summary": "raw.githubusercontent.com",
"url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2026/va-26-191-01.json"
},
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-57474"
}
],
"release_date": "2026-05-18T00:00:00Z",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-25T00:00:00Z",
"details": "Fixed on 2026-03-25.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "vendor_fix",
"date": "2026-03-25T00:00:00Z",
"details": "Fixed on 2026-03-25.",
"product_ids": [
"CSAFPID-0002"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "Deloitte AI Assist for Customer unauthenticated RAG corpus read and write"
}
]
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…